21191 matches found
GitLab 18.7 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-5296)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-5296 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...
PT-2026-44219
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wp ajax visualizer-create-chart...
GitLab 11.5 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-2601)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-2601 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...
PT-2026-44216
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...
CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...
CVE-2026-4888
CVE-2026-4888 affects the Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder for WordPress. The vulnerability is due to a missing capability check in the send_test_email() function across all versions up to and including 3.4.7, allowing authenticated attackers with Sub...
CVE-2026-48592
Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Modification vulnerability discovered by winrace in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...
WordPress Visualizer: Tables and Charts Manager for WordPress plugin <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Chart Creation and Modification vulnerability discovered by davidfdzmorilla in WordPress Plugin Visualizer versions = 3.11.14...
WordPress Geo Mashup plugin <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability
Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability discovered by t0ann9uy3n in WordPress Plugin Geo Mashup versions = 1.13.19...
CVE-2026-2601
CVE-2026-2601 concerns an authorization issue in GitLab EE. An authenticated user with developer-role permissions could access sensitive deployment data on projects due to improper authorization checks. Affected versions: all GitLab EE 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19...
CVE-2026-5296
CVE-2026-5296 affects GitLab Enterprise Edition (GitLab EE) with remediation released for multiple branches: all versions prior to 18.10.7 (from 18.7), 18.11 prior to 18.11.4, and 19.0 prior to 19.0.1. The issue could allow an authenticated user with developer-role permissions, when foundational ...
Missing Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the migrate endpoint /actions/app/migrate. An attacker can perform unauthorized migration operations by sending crafted requests to this endpoint. Remediation There ...
Missing Authorization
Overview org.jenkins-ci.plugins:job-import-plugin is a package that imports jobs from another Jenkins instance. Affected versions of this package are vulnerable to Missing Authorization via the HTTP endpoint. An attacker can enumerate credential IDs by sending crafted requests if they have...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the form validation method. An attacker can connect to an arbitrary URL by leveraging Overall/Read permission. Remediation Upgrade com.rapid7:jenkinsci-appspider-plugin to version 1.0.18 or higher. References -...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the content-locking process. An attacker can obtain email addresses and identifiers of users who should be inaccessible by sending requests as an authenticated user with restricted users.access or users.list...
CVE-2026-49054
Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2...
CVE-2022-41656
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
CVE-2026-44316
The CVE describes a nil-pointer dereference in free5GC PCF (POST /npcf-smpolicycontrol/v1/sm-policies) HandleCreateSmPolicyRequest. When a downstream OpenAPI (UDR) lookup returns 404 and the wrapper returns err != nil with a nil response, the code logs the error but does not return, then derefere...
CVE-2026-44326
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...